Sanesecurity ClamAV blog: zero hour malware, phishing and scams: eFax message from "unknown" FAX_20150302_1425293884

Tuesday, 3 March 2015

eFax message from "unknown" FAX_20150302_1425293884_127.zip

eFax message from "unknown" - 1 page(s), Caller-ID: FAX_20150302_1425293884_127.zip

Headers:

From: {noreplay@faxandvoice.com}
Subject: eFax message from "unknown" - 1 page(s), Caller-ID: 1-314-427-3300

Message body:

Attached is a Zip file:

FAX_20150302_1425293884_127.zip

Inside the Zip is a Windows Executable:

FAX_20150302_1425293884_127.exe

Sha256 Hashes:

3827daf038168f40042c25579fd44a05d1c799fe9e9fb2b159bcb066dff798d1 [1]

Malware Information:

VirusTotal Report [1] (hits 4/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

Description:

The malware in the zip is a trojan downloader largely referred to as Upatre.

This downloader will then probably download it's parter in crime Dyre.

Dyre, is Zeus-like banking Trojan, which is trying to capture as much information about your online banking details as possible.

It's also being used to then send out the same malware to everyone else by using your own copy of outlook and your bandwidth.

Cheers,

Steve
Sanesecurity.com

2 comments:

Anonymous said...: Thanks. Got this. I knew it was junk.; 5 March 2015 at 22:53
Anonymous said...: My email server wiped it out, saying it was infected.; 14 March 2015 at 19:11

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Tuesday, 3 March 2015

eFax message from "unknown" FAX_20150302_1425293884_127.zip

2 comments: